Michael Cardell Widerkrantz
78eb472ac9
fw: Go to state fail on bad command lengths
2023-03-14 11:31:48 +01:00
Michael Cardell Widerkrantz
ebf8a11ed0
fw: Move all variable declaration to first in scope
2023-03-14 11:31:48 +01:00
Michael Cardell Widerkrantz
9c766794db
fw: Move scramble RAM to own function
2023-03-14 11:31:47 +01:00
Michael Cardell Widerkrantz
9de7f294df
fw: Move all command switches to their own functions
2023-03-14 11:31:47 +01:00
Michael Cardell Widerkrantz
4e3f5469ef
fw: Simplify logic
...
Switch on state, then read commands specifically in the states that
allow reading of commands, then switch on specific command.
2023-03-14 11:31:47 +01:00
Daniel Lublin
7a97f1ee5f
Add more complete fw_ram test; let testfw have stack in RAM
...
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 11:21:47 +01:00
Daniel Lublin
5fe7ba7f9d
fw: optimize for speed (-O2) instead of size (-Os)
...
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:05 +01:00
Daniel Lublin
957df5e6b4
fw: enable addr & data scrambling; fill RAM with random data
...
Use a rnd_word() func
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:03 +01:00
Daniel Lublin
4afdc1cd1f
fw: Steady white led while waiting cmd; led off while loading app
...
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:03 +01:00
Daniel Lublin
7eb4d0304b
fw: load app at the start of RAM
...
Since app is always loaded at the start of RAM, the TK1_APP_ADDR define
is no longer needed.
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:03 +01:00
Daniel Lublin
425fdb4b90
fw: adjust for 2 KB of FW_RAM
...
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:02 +01:00
Daniel Lublin
c1fffcb70b
Keep uninitialized var in main, not globally, preventing any BSS
...
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:02 +01:00
Daniel Lublin
3ddd6e83a3
Refuse to produce a .bin if .elf has non-empty data or bss section
...
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:02 +01:00
Michael Cardell Widerkrantz
d77654bb8e
fw: No .data or .bss segment
...
We don't use any .data or .bss segment at all to keep all the firmware
variables in the stack in protected fw_ram.
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:02 +01:00
Michael Cardell Widerkrantz
56e34b3add
fw/testfw: Use fw_ram for firmware stack
...
This means firmware's stack shouldn't be accessible to programs
running in app_mode.
It also means we don't need to take special care of secure_ctx which
can now be an ordinary stack variable.
Nonetheless we zero out secure_ctx after final use and inline some
assembler to zero out the entire fw_ram after use, just before
switching to app_mode.
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:02 +01:00
Michael Cardell Widerkrantz
d2240b3e0f
fw: Use a bit string for allowed_commands
...
For every state, define a constant bitstring with allowed commands and
check incoming command agains that.
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:02 +01:00
Michael Cardell Widerkrantz
8edfdf9c36
fw: Remove state init_loading, introduce state fail
...
- We always assert on allowed commands in a state.
- We don't allow FW_CMD_LOAD_APP to be used twice.
- Enter fail state on read buffer overrun, header endpoint not for us,
header parse error, and unknown firmware command.
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:02 +01:00
Michael Cardell Widerkrantz
65f100a3c0
fw: Use byte readable UDS
...
UDS is now byte readable (but not writable).
Use UDS and USS directly in a blake2s_update() instead of
concatenating them into fw_ram. UDS will still live for a short while
in fw_ram in the blake2s context buffer but will soon be overwritten.
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:01 +01:00
Michael Cardell Widerkrantz
b34fdbcd37
testfw: Use wordcpy_s() and memcpy_s()
...
Use new wordcpy_s() and memcpy_s() functions from lib.c.
Add a local memcpy() which compiling with -Os seems to demand. Why?
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:01 +01:00
Michael Cardell Widerkrantz
cc032d9883
fw: Hide HTIF functions better when using NOCONSOLE
...
We define macros for them that expand to nothing or to a constant to
avoid any extra function calls to dummy functions when running on real
hardware with no console.
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:01 +01:00
Michael Cardell Widerkrantz
3a7ec9b9a0
fw: Run forever_redflash() when aborting from asserts
...
Should be more vissible than an eternal loop.
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:01 +01:00
Michael Cardell Widerkrantz
bbbe1e2f31
fw: Move LED defines and function to own files
...
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:01 +01:00
Michael Cardell Widerkrantz
ccc3b16569
fw: Safer memory functions + asserts
...
Introduce memcpy_s() and wordcpy_s() that takes the destination buffer
size as an argument. Use assert() which aborts our program to an
eternal loop if we hit problems.
Sprinkle asserts elsewhere as well.
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:01 +01:00
Michael Cardell Widerkrantz
f386cec1ed
fw: Add destination buffer size to read()
...
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:00 +01:00
Michael Cardell Widerkrantz
b292c72534
fw: Remove unnecessary memcpy() from putinthex()
...
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:00 +01:00
Joachim Strömbergson
b9c415f5d6
bank1 access should also be disabled by default.
...
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-13 12:43:07 +01:00
Joachim Strömbergson
000b7644b5
Update fw ram last address to match new mem size
...
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-08 13:31:45 +01:00
Daniel Lublin
5f4f5c6584
Correct for new fw-ram size
...
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-08 12:34:34 +01:00
Daniel Lublin
ebe59647bb
Adjust header file to new fw_ram size
...
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-08 11:26:25 +01:00
Joachim Strömbergson
a63ba8eb13
Double the size of the fw_ram to 2 kByte
...
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-08 11:20:38 +01:00
Daniel Lublin
8fd0fca967
Grow largest frame length to 512 bytes
2023-03-07 13:52:02 +01:00
Joachim Strömbergson
2e2ca04ab7
Bump FPGA design version to 5
...
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-07 12:30:10 +01:00
Joachim Strömbergson
d075cc72c3
Manually merged changes for scrambling
...
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-07 10:42:59 +01:00
Joachim Strömbergson
3eb5b7879c
Add API address to read out number of bytes in Rx FIFO
...
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-07 08:22:27 +01:00
Joachim Strömbergson
4db4e39205
Clarify the purpose and functionality of the tk1 core
...
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-07 08:20:18 +01:00
Joachim Strömbergson
74fd7e3001
Fix spelling nits
...
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-07 08:16:42 +01:00
Joachim Strömbergson
6f327d2ff9
Block changing of monitor addresses when enabled
...
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-06 15:41:55 +01:00
Joachim Strömbergson
66ebe5089a
Add fw_ram as always active exe monitor area
...
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-06 15:41:55 +01:00
Michael Cardell Widerkrantz
0caf260553
Add CPU_MON offsets
...
Introduces offsets for setting addresses to check for execution and
offset for controlling the execution monitor.
- TK1_MMIO_TK1_CPU_MON_CTRL
- TK1_MMIO_TK1_CPU_MON_FIRST
- TK1_MMIO_TK1_CPU_MON_LAST
2023-03-06 15:41:55 +01:00
Joachim Strömbergson
5c05ae657e
exe monitor can only be enabled, not disabled
...
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-06 15:41:55 +01:00
Joachim Strömbergson
7612d00ccf
Feed CPU illegal instruction to trigger trap
...
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-06 15:41:55 +01:00
Joachim Strömbergson
8ba97e16f3
Move force_jump function to top level mem system
...
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-06 15:41:54 +01:00
Joachim Strömbergson
86ea45e10a
Add CPU execution monitor
...
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-06 15:41:53 +01:00
Joachim Strömbergson
e514f778b2
Remove stray variable for blake2s address update
...
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-06 11:32:38 +01:00
Joachim Strömbergson
adcccc44de
Change reset value for the trap led to black
...
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-06 11:32:38 +01:00
Joachim Strömbergson
d335dd708a
Add HW to detect trap in cpu and signal using the LEDs
...
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-06 11:32:38 +01:00
Daniel Lublin
c9593f11c8
Config verilator lint to ignore known 3rd-party warnings; let warnings be fatal
...
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-01 13:37:31 +01:00
Joachim Strömbergson
caeee54e19
Change LED reset value to black
...
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-02-27 13:21:51 +01:00
Joachim Strömbergson
317561ad32
Remove options that are the same as the default values
...
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-02-27 10:22:04 +01:00
Daniel Lublin
9a6a790715
Add github action with basic CI that builds
...
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-02-03 14:28:56 +01:00